SYM_JAVA_0121 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Use of a Broken or Risky Cryptographic Algorithm
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-327: Use of a Broken or Risky Cryptographic Algorithm |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code requests AES encryption without specifying a mode or padding (for example, `Cipher.getInstance("AES")`), which the default Java providers resolve to `AES/ECB/PKCS5Padding`. ECB mode is insecure because it encrypts each 16-byte block independently with the same key, so identical plaintext blocks produce identical ciphertext blocks. The ciphertext therefore preserves the structure and repetition of the plaintext, making sensitive information easier to reveal.
Impact
Attackers can analyze patterns in the encrypted data, potentially exposing confidential information like passwords or personal data. This can lead to data breaches, privacy violations, and non-compliance with security standards.
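The following is an added example, not code from the Symbiotic-Vulnerability-Database project. It places the weak pattern (`Cipher.getInstance("AES")`, which falls back to ECB) next to a hardened form that names the mode explicitly (`AES/GCM/NoPadding` with a fresh random nonce and an authentication tag), and includes a small helper that counts repeated ciphertext blocks, the observable symptom of ECB. The class and method names and the sample plaintext are assumptions constructed for this demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EcbVsGcmDemo {

    // Weak: "AES" alone resolves to AES/ECB/PKCS5Padding on the default JDK providers (CWE-327).
    static byte[] encryptEcbDefault(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    // Hardened: explicit authenticated mode, random 96-bit nonce per message, nonce prepended to the ciphertext.
    static final int GCM_NONCE_BYTES = 12;
    static final int GCM_TAG_BITS = 128;

    static byte[] encryptGcm(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        new SecureRandom().nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    static byte[] decryptGcm(SecretKey key, byte[] nonceAndCt) throws GeneralSecurityException {
        byte[] nonce = Arrays.copyOfRange(nonceAndCt, 0, GCM_NONCE_BYTES);
        byte[] ct = Arrays.copyOfRange(nonceAndCt, GCM_NONCE_BYTES, nonceAndCt.length);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        return cipher.doFinal(ct); // throws AEADBadTagException if the ciphertext or tag was altered
    }

    // Detection helper: number of 16-byte ciphertext blocks that reappear later in the same message.
    // Under ECB, repeated plaintext blocks give repeated ciphertext blocks; under a properly used
    // mode with a fresh nonce this count is expected to be zero.
    static int countRepeatedBlocks(byte[] ct) {
        int repeats = 0;
        int blocks = ct.length / 16;
        for (int i = 0; i < blocks; i++) {
            byte[] bi = Arrays.copyOfRange(ct, i * 16, i * 16 + 16);
            for (int j = i + 1; j < blocks; j++) {
                if (Arrays.equals(bi, Arrays.copyOfRange(ct, j * 16, j * 16 + 16))) {
                    repeats++;
                    break;
                }
            }
        }
        return repeats;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Constructed sample input: a record whose first two 16-byte blocks are identical.
        String block = "ACCOUNT=00000001"; // exactly 16 ASCII bytes
        byte[] plaintext = (block + block + "STATUS=ACTIVE").getBytes(StandardCharsets.UTF_8);

        byte[] ecb = encryptEcbDefault(key, plaintext);
        byte[] gcm = encryptGcm(key, plaintext);

        System.out.println("ECB repeated ciphertext blocks: " + countRepeatedBlocks(ecb));
        System.out.println("GCM repeated ciphertext blocks: " + countRepeatedBlocks(gcm));

        byte[] roundTrip = decryptGcm(key, gcm);
        System.out.println("GCM round trip ok: " + Arrays.equals(plaintext, roundTrip));
    }
}
```

Running the demo shows a repeated block count of 1 for the default ("AES") cipher and 0 for GCM: the ECB output reveals that the plaintext's first two blocks are equal, which is exactly the pattern leakage this entry describes. In code review or static analysis, the check is simply whether every `Cipher.getInstance` call names a full transformation with a non-ECB mode, and whether the nonce is unique per message for GCM.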